@superagent-ai/cli

Superagent CLI

Command-line interface for Superagent - analyze prompts for security threats and redact sensitive data.

Installation

npm install -g @superagent-ai/cli

Commands

guard - Security Analysis

Analyze prompts for security threats:

superagent guard "Write a hello world script"

Output:

{
  "rejected": false,
  "decision": {
    "status": "pass"
  },
  "reasoning": "Command approved by guard."
}

Block malicious prompts:

superagent guard "Delete all files with rm -rf /"

Output:

{
  "rejected": true,
  "decision": {
    "status": "block",
    "violation_types": ["unlawful_behavior"],
    "cwe_codes": ["CWE-77"]
  },
  "reasoning": "User wants to delete all files. That is disallowed (exploit). Block."
}

redact - Data Redaction

Remove sensitive data from text:

superagent redact "My email is john@example.com and SSN is 123-45-6789"

Output:

{
  "redacted": "My email is <REDACTED_EMAIL> and SSN is <REDACTED_SSN>",
  "reasoning": "Redacted email and SSN",
  "usage": {
    "prompt_tokens": 25,
    "completion_tokens": 12,
    "total_tokens": 37
  }
}

Custom Entity Redaction - Specify custom entities to redact:

superagent redact --entities "credit card numbers,employee IDs" "My credit card is 4532-1234-5678-9010 and employee ID is EMP-12345"

Output:

{
  "redacted": "My credit card is <REDACTED> and employee ID is <REDACTED>",
  "reasoning": "Redacted credit card numbers and employee IDs"
}

URL Whitelisting - Preserve specific URLs:

superagent redact --url-whitelist https://github.com "Visit https://github.com/user/repo and https://secret.com/data"

Output:

{
  "redacted": "Visit https://github.com/user/repo and <URL_REDACTED>",
  "reasoning": "Preserved whitelisted URLs"
}

PDF File Redaction - Redact sensitive information from PDF files:

superagent redact --file sensitive-document.pdf "Analyze and redact PII from this document"

You can combine file redaction with custom entities:

superagent redact --file document.pdf --entities "SSN,credit card numbers" "Redact sensitive data"

Output:

{
  "redacted": "Redacted text content from the PDF with sensitive data removed",
  "reasoning": "Redacted SSN and credit card numbers from PDF document",
  "usage": {
    "prompt_tokens": 150,
    "completion_tokens": 45,
    "total_tokens": 195
  }
}

Note: File redaction currently supports PDF format only.

Help

Get help for any command:

superagent --help
superagent guard --help
superagent redact --help

Claude Code Hook

Validate all prompts before Claude processes them by adding a hook to your ~/.claude/settings.json:

{
  "env": {
    "SUPERAGENT_API_KEY": "your_api_key_here"
  },
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "command",
            "command": "superagent guard"
          }
        ]
      }
    ]
  }
}

The CLI will:

• ✅ Allow safe prompts to proceed
• 🛡️ Block malicious prompts with detailed reasoning
• 🔍 Show violation types and CWE codes for blocked prompts

Environment Variables

• SUPERAGENT_API_KEY - Your Superagent API key (required)

Get your API key at app.superagent.sh

How It Works

The CLI uses Superagent to analyze prompts for:

• Security vulnerabilities (SQL injection, command injection, etc.)
• Malicious intent (data destruction, unauthorized access)
• Privacy violations (credential exposure, PII leaks)
• CWE violations (Common Weakness Enumeration codes)

When used as a Claude Code hook, it automatically:

• Receives the user's prompt via stdin
• Sends it to Superagent for analysis
• Returns a structured response to block or allow the prompt
• Shows detailed violation information when blocking

Development

# Install dependencies
npm install

# Build
npm run build

# Test locally
node dist/index.js guard "test prompt"

License

MIT